CVE-2025-0063

HIGH

SAP NetWeaver AS ABAP & ABAP Platform - Privilege Escalation

Title source: llm

Description

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3550816

Patch

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 8.8

EPSS 0.0018

EPSS Percentile 39.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (14)

sap/sap_basis 700

sap/sap_basis 701

sap/sap_basis 702

sap/sap_basis 731

sap/sap_basis 740

sap/sap_basis 750

sap/sap_basis 751

sap/sap_basis 752

sap/sap_basis 753

sap/sap_basis 754

... and 4 more

Published Jan 14, 2025

Tracked Since Feb 18, 2026